RegRally Insights: AML/CTF Compliance, October 202

This month’s AML/CTF newsletter highlights a shifting compliance landscape shaped by technological innovation and cross-border collaboration. As regulatory authorities intensify scrutiny on digital assets and high-risk sectors, organizations are reminded that sustainable compliance depends not only on technology, but on cultivating a culture of vigilance and accountability at every level.

Lithuania Tightens AML Rules for Trust and Company Service Providers

On 24 September 2025, the Financial Crime Investigation Service (FCIS) adopted Order No. V-221, updating the 2017 Instructions for providers of trust or company formation and administration services. The amendments apply to all such providers in Lithuania that are not auditors or accounting firms and bring national rules in line with EU AML/CTF standards.

The revised Instructions reinforce a risk-based approach, requiring ordinary, simplified, or enhanced due diligence based on client risk. Enhanced checks are mandatory for high-risk clients, PEPs, and third-country relationships. Providers must verify client and beneficial owner identities, understand ownership structures, and continuously monitor transactions.

Reporting duties are tightened: suspicious transactions must be suspended and reported to the FCIS, while cash transactions of EUR 15,000 or more must be declared. Providers must maintain registers of suspicious transactions, cash operations, and terminated relationships, and align audited financial reports and monitoring procedures with international standards.

Senior management bears ultimate responsibility for compliance, ensuring effective internal controls, sanctions screening, and staff training. The Instructions emphasise accountability at the governance level and require ongoing updating of internal AML/CTF systems to reflect changes in regulation and risk.

FATF Calls for Stronger Cross-Border Cooperation in Money Laundering Investigations

In 2025, the Financial Action Task Force (FATF) issued a Handbook on international cooperation detecting, investigating, and prosecuting money laundering. The report highlights that cross-border financial crime is accelerating in speed and complexity, making investigations increasingly difficult.

FATF distinguishes between formal channels (mutual legal assistance, extradition) and informal mechanisms (direct intelligence sharing), stressing that both are essential and should operate in parallel. It warns that fragmented legal frameworks, slow procedures, and weak coordination continue to undermine enforcement efforts.

Countries are urged to improve the speed and quality of requests, strengthen inter-agency coordination, and adopt secure digital tools that support real-time data exchange and joint investigations.

Recommended actions for institutions:

Maintain accurate, easily retrievable records to enable rapid responses to cross-border information requests.
Enhance internal AML frameworks to detect and assess transactions with international exposure or links to higher-risk jurisdictions.

EU Supervisory Authorities Urge Vigilance Amid Rising Geopolitical and Economic Risks

The European Supervisory Authorities (EBA, EIOPA, and ESMA) have issued a joint statement urging financial institutions to remain alert amid heightened geopolitical tensions and economic uncertainty.

Their Autumn 2025 Joint Committee Report notes a deteriorating economic outlook driven by global trade tensions and security concerns. Although the US–EU preliminary trade agreement has moderately stabilised, the authorities warn that financial stability risks persist, calling for proactive risk management and adequate provisioning across the sector.

Switzerland’s MROS Issues Guidance on “Negative Typologies” in Suspicious Activity Reporting

In August 2025, the Swiss Money Laundering Reporting Office (MROS) published guidance on so-called “negative typologies” in suspicious activity reporting (SARs), clarifying when a SAR should not be filed.

MROS emphasises that SARs must be grounded in clear, verifiable suspicion of criminally derived assets under Article 9 of the AMLA. Many recent reports have been overly defensive, vague, or unsupported, limiting their usefulness to law enforcement.

The guidance specifies that certain situations—such as failed account openings, technical errors, unverified media claims, ordinary cryptocurrency transactions, or reports concerning victims of fraud—do not meet the SAR threshold. Institutions can also not report their own losses, speculative risks or atypical behaviour without criminal links as insufficient grounds for filing.

Recommended actions:

File only substantiated SARs — avoid defensive or speculative reporting.
Strengthen internal review and escalation to exclude cases lacking concrete indicators of illicit funds.
Refine monitoring systems, especially for crypto-assets, to distinguish legitimate from criminal activity.
Ensure SAR quality and clarity — reports must be well-structured, evidence-based, and clearly justify the suspicion.

Bank of Lithuania Fines Paysera €400,000 for Unauthorised Acquisition and Reporting Failures

On 5 September 2025, the Bank of Lithuania imposed a €400,000 fine on Paysera LT, UAB, after the institution acquired 100% of the shares of Finansinės paslaugos Contis, UAB, without obtaining the required regulatory approval and failed to comply with reporting obligations.

The central bank noted that Paysera repeatedly failed to provide information necessary to assess the acquirer’s reputation, financial soundness, AML/CTF risks, post-acquisition governance, and the target’s ability to meet regulatory requirements. As approval was not granted, Paysera is prohibited from exercising voting rights in the acquired entity.

Additional breaches included failing to approve and submit audited annual financial statements in a timely manner, making profit distribution decisions, and filing mandatory financial and operational reports. Considering the nature, scale, and recurrence of the violations and Paysera’s 2024 revenues, the Bank of Lithuania determined the fine at €400,000.

Paysera has been ordered to rectify reporting deficiencies by 30 September and adopt measures to prevent future breaches. The company has resubmitted its application for acquisition approval, which is currently under review.

FATF Upgrades the Netherlands’ Rating on AML/CFT Compliance

On 23 September 2025, the Financial Action Task Force (FATF) evaluated the progress made by the Netherlands since its 2022 mutual evaluation in strengthening its AML/CFT framework.

The FATF noted substantial improvements, particularly in addressing technical deficiencies identified in the 2022 Mutual Evaluation Report. As a result, Recommendation 15 (New Technologies) was upgraded from Partially Compliant to Largely Compliant.

The Netherlands now has 10 Recommendations rated Compliant, 29 Largely Compliant, and 1 Partially Compliant. The country remains under regular follow-up, with the FATF encouraging continued progress, especially in virtual assets, beneficial ownership transparency, and supervision of non-financial sectors.